Cookie Policy & Privacy

PRIVACY POLICY

(According to Regulation (EU) 2016/679 – GDPR)

1. Data Controller

The Data Controller of the personal data collected through the website www.gianlucasantoriello.com is:

GIANLUCA SANTORIELLO
Via San Lorenzo 1 – Cava de Tirreni 84013 (SA)
VAT ID IT06281690658
Email: info@laherte.com

The Data Controller determines the purposes and means of the processing of personal data.

2. Types of Personal Data Collected

Among the types of Personal Data that this Application collects, either directly or through third parties, there are:

  • First and last name
  • Email address
  • Phone number
  • Company name
  • Content of messages submitted through contact forms
  • Usage Data (IP address, browser type, operating system, pages visited, time spent on pages, device information, etc.)

Complete details on each type of Personal Data collected are provided in the relevant sections of this privacy policy or by specific explanatory texts displayed prior to data collection.

Personal Data may be freely provided by the User or, in the case of Usage Data, collected automatically when using this Application.

Unless specified otherwise, all Data requested by this Application is mandatory. Failure to provide such Data may make it impossible for this Application to provide its services.

Users who are uncertain about which Personal Data is mandatory are welcome to contact the Data Controller.

Users are responsible for any third-party Personal Data obtained, published or shared through this Application.

3. Methods and Place of Processing

The Data Controller adopts appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of Personal Data.

Data processing is carried out using computers and/or IT-enabled tools, following organizational procedures strictly related to the purposes indicated.

In addition to the Data Controller, Personal Data may be accessible to:

  • Employees and collaborators (administration, sales, marketing, legal, IT administration)
  • External service providers appointed, where necessary, as Data Processors (hosting providers, IT companies, communication agencies, technical service providers)

An updated list of Data Processors may be requested at any time.

Place of Processing

Data is processed at the Data Controller’s operating offices and in any other places where the parties involved in the processing are located.

If data transfers outside the European Economic Area (EEA) occur, such transfers will take place in compliance with Standard Contractual Clauses or other appropriate safeguards under the GDPR.

4. Retention Period

Personal Data shall be processed and stored for as long as required by the purpose for which it has been collected.

Specifically:

  • Data collected for contractual purposes shall be retained until the contract has been fully performed.
  • Data processed based on legitimate interest shall be retained as long as necessary to fulfill such interests.
  • Data processed on the basis of consent shall be retained until consent is withdrawn.
  • Data may be retained for a longer period where required by law.

Once the retention period expires, Personal Data will be deleted or anonymized.

5. Purposes of Processing

The User’s Personal Data is collected for the following purposes:

  • Providing services requested by the User
  • Responding to inquiries submitted via contact forms
  • Complying with legal obligations
  • Protecting the rights and interests of the Data Controller
  • Detecting fraudulent or malicious activities
  • Marketing and communication activities (where consent is required

6. CRM and Contact Management – HubSpot

For contact management, request handling, communication, and marketing activities, the Data Controller uses the CRM service provided by HubSpot, Inc.

HubSpot enables centralized management of:

  • Contact details
  • Communication records
  • Website interactions
  • Email campaigns and tracking

Personal Data submitted through forms on this website is transmitted to and stored on HubSpot’s servers.

HubSpot may process:

  • Name and surname
  • Email address
  • Phone number
  • Company name
  • Message content
  • Website interaction data
  • Email interaction data

Processing is carried out in compliance with Regulation (EU) 2016/679 (GDPR).

Where Personal Data is transferred outside the EEA, such transfers are safeguarded by Standard Contractual Clauses approved by the European Commission or other legally recognized safeguards.

For more information:
https://legal.hubspot.com/privacy-policy

7. Platform Services and Hosting

These services are intended to host and run key components of this Application, allowing its operation from a unified platform.

Such platforms may provide tools such as analytics, user registration systems, database management, and communication tools, which imply the collection and handling of Personal Data.

Some services operate through geographically distributed servers, making it difficult to determine the exact location where Personal Data is stored.

8. Tag Management

This type of service helps the Data Controller manage tags or scripts centrally.

This may result in Users’ Data flowing through such services and potentially being retained.

COOKIE POLICY

This Application uses Cookies and other tracking technologies (“Trackers”).

Cookies are small text files stored on the User’s device while browsing.

Cookies may be:

  • Technical (necessary for the operation of the website)
  • Analytical
  • Marketing or profiling cookies (where applicable)

Users may manage or withdraw their consent at any time via the cookie consent banner.

This Cookie Policy was last updated on 27/03/2025 and applies to citizens and legal permanent residents of the European Economic Area (EEA) and Switzerland.

9. Legal Basis for Processing (EEA Users)

The Data Controller may process Personal Data if one of the following applies:

  • The User has given consent for one or more specific purposes
  • Processing is necessary for the performance of a contract
  • Processing is necessary to comply with a legal obligation
  • Processing is necessary for legitimate interests pursued by the Data Controller

Users may request clarification regarding the specific legal basis applicable to their data.

10. Rights of Users under the GDPR

Users have the right to:

  • Withdraw consent at any time
  • Object to processing
  • Access their Personal Data
  • Verify and request rectification
  • Restrict processing
  • Obtain erasure of their Personal Data
  • Receive their Data in a structured, commonly used and machine-readable format
  • Lodge a complaint with a supervisory authority

Requests may be submitted to the Data Controller using the contact details provided above.

The Data Controller will respond within one month, as required by law.

11. Additional Information

Legal Action

Personal Data may be used for legal purposes in court or in preparation for legal proceedings arising from improper use of this Application.

System Logs and Maintenance

For operation and maintenance purposes, this Application and third-party services may collect system logs and other Personal Data (such as IP address).

Changes to this Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy at any time. Users are encouraged to review it regularly.